rjm27trekkie

Remapping the exit function's GOT entry (exit@got.plt) to point at `loop`, so the program runs the loop again instead of exiting

Apr 6th, 2017
  1. robbie@debian-server:~/pico_ctf_2017/binary_exploitation/level3$ gdb console -q
  2. Reading symbols from console...(no debugging symbols found)...done.
  3. (gdb) x set_exit_message
  4. 0x4008d2 <set_exit_message>:    0xe5894855
  5. (gdb) disassemble 0x4008d2
  6. Dump of assembler code for function set_exit_message:
  7.    0x00000000004008d2 <+0>:     push   %rbp
  8.    0x00000000004008d3 <+1>:     mov    %rsp,%rbp
  9.    0x00000000004008d6 <+4>:     sub    $0x10,%rsp
  10.    0x00000000004008da <+8>:     mov    %rdi,-0x8(%rbp)
  11.    0x00000000004008de <+12>:    cmpq   $0x0,-0x8(%rbp)
  12.    0x00000000004008e3 <+17>:    jne    0x4008f9 <set_exit_message+39>
  13.    0x00000000004008e5 <+19>:    mov    $0x400bef,%edi
  14.    0x00000000004008ea <+24>:    callq  0x400690 <puts@plt>
  15.    0x00000000004008ef <+29>:    mov    $0x1,%edi
  16.    0x00000000004008f4 <+34>:    callq  0x400730 <exit@plt>
  17.    0x00000000004008f9 <+39>:    mov    $0x400c18,%edi
  18.    0x00000000004008fe <+44>:    callq  0x400690 <puts@plt>
  19.    0x0000000000400903 <+49>:    mov    -0x8(%rbp),%rax
  20.    0x0000000000400907 <+53>:    mov    %rax,%rdi
  21.    0x000000000040090a <+56>:    mov    $0x0,%eax
  22.    0x000000000040090f <+61>:    callq  0x4006c0 <printf@plt>
  23.    0x0000000000400914 <+66>:    mov    -0x8(%rbp),%rax
  24.    0x0000000000400918 <+70>:    mov    %rax,%rsi
  25.    0x000000000040091b <+73>:    mov    $0x65,%edi
  26.    0x0000000000400920 <+78>:    callq  0x400846 <append_command>
  27.    0x0000000000400925 <+83>:    mov    $0x0,%edi
  28.    0x000000000040092a <+88>:    callq  0x400730 <exit@plt>
  29. End of assembler dump.
  30. (gdb) disassemble 0x400730
  31. Dump of assembler code for function exit@plt:
  32.    0x0000000000400730 <+0>:     jmpq   *0x200b22(%rip)        # 0x601258 <exit@got.plt>
  33.    0x0000000000400736 <+6>:     pushq  $0xa
  34.    0x000000000040073b <+11>:    jmpq   0x400680
  35. End of assembler dump.
  36. (gdb) r log
  37. Starting program: /home/robbie/pico_ctf_2017/binary_exploitation/level3/console log
  38. Config action: ^C
  39. Program received signal SIGINT, Interrupt.
  40. 0x00007ffff7b0cba0 in __read_nocancel () at ../sysdeps/unix/syscall-template.S:81
  41. 81      ../sysdeps/unix/syscall-template.S: No such file or directory.
  42. (gdb) x loop
  43. 0x4009bd <loop>:        0xe5894855
  44. (gdb) set {int}0x601258=0x4009bd
  45. (gdb) c
  46. Continuing.
  47. e asdf
  48. Exit message set!
  49. asdfConfig action: e asdf
  50. Exit message set!
  51. asdfConfig action: e asdf
  52. Exit message set!
  53. asdfConfig action: e asdf
  54. Exit message set!
  55. asdfConfig action: e asdf
  56. Exit message set!
  57. asdfConfig action: